Analysis
max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags
arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted
26-06-2024 11:39
Behavioral task
behavioral1
Sample
11debc4ad6b9d84f30913abbc434f376_JaffaCakes118.exe
Resource
win7-20240220-en
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
11debc4ad6b9d84f30913abbc434f376_JaffaCakes118.exe
Resource
win10v2004-20240508-en
5 signatures
150 seconds
General
Target
11debc4ad6b9d84f30913abbc434f376_JaffaCakes118.exe
Size
716KB
MD5
11debc4ad6b9d84f30913abbc434f376
SHA1
3932404c5803cc1de28e22c985bcb9e16f657ead
SHA256
596e15823876ad3c290d491e054b14df5bc83cd6ebe8e64d8f7e778b35b224da
SHA512
57dbbac91811f75770ad28f3ddb4370a20c22bbd493f034a940c706b190457cbb2e3507b1127d283c0a95b73fac1d9471e16e7ae91d6f7aa408620c34f06fa3c
SSDEEP
12288:afWs4B9RwTqv8ZVETOur6vXKeF76nHrUooyCY+F2keIpDQ481SDkLZ31A:a4tW0Oumv6eFYUooPzNpziSDkp
Score
7/10
Malware Config
Signatures
resource yara_rule
behavioral1/memory/2064-0-0x0000000000400000-0x00000000005E9000-memory.dmp vmprotect
behavioral1/memory/2064-1-0x0000000000400000-0x00000000005E9000-memory.dmp vmprotect
behavioral1/memory/2064-5-0x0000000000400000-0x00000000005E9000-memory.dmp vmprotect
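The three yara_rule hits above are written as one run-together line, which makes it easy to misread them as three separate findings. The following is an added example, not part of the sandbox report or of any sandbox vendor's code: it parses hit tags of the form `<task>/memory/<pid>-<dump>-<start>-<end>-memory.dmp <rule>` (the shape the report uses) and groups them by process and address range, so that one region matched in several dumps is reported once. The REPORT_LINE string is constructed from the report's own line; the tag format is assumed from how the line reads, not from vendor documentation.

```python
# Added example (not part of the sandbox report): parse the flattened
# "resource yara_rule" memory-hit line and group hits by process and
# address range, so repeated hits on one region are not counted as three.
import re
from dataclasses import dataclass

# Constructed from the report's own yara_rule line; extraction ran the
# three hits together onto one line, with a trailing "-" from the page.
REPORT_LINE = (
    "resource yara_rule "
    "behavioral1/memory/2064-0-0x0000000000400000-0x00000000005E9000-memory.dmp vmprotect "
    "behavioral1/memory/2064-1-0x0000000000400000-0x00000000005E9000-memory.dmp vmprotect "
    "behavioral1/memory/2064-5-0x0000000000400000-0x00000000005E9000-memory.dmp vmprotect -"
)

# One hit token (assumed format): <task>/memory/<pid>-<dump>-<start>-<end>-memory.dmp <rule>
HIT_RE = re.compile(
    r"(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<dump>\d+)-"
    r"(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)"
)


@dataclass(frozen=True)
class MemHit:
    task: str
    pid: int
    dump: int   # ordinal of the memory dump in which the rule fired
    start: int  # region start (inclusive)
    end: int    # region end (exclusive)
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_hits(line: str) -> list[MemHit]:
    """Extract every memory hit from a flattened report line."""
    return [
        MemHit(m["task"], int(m["pid"]), int(m["dump"]),
               int(m["start"], 16), int(m["end"], 16), m["rule"])
        for m in HIT_RE.finditer(line)
    ]


def group_by_region(hits: list[MemHit]) -> list[dict]:
    """Collapse hits that fired on the same (task, pid, range, rule) across dumps."""
    grouped: dict[tuple, list[int]] = {}
    for h in hits:
        grouped.setdefault((h.task, h.pid, h.start, h.end, h.rule), []).append(h.dump)
    return [
        {"task": t, "pid": p, "start": s, "end": e, "size": e - s,
         "rule": r, "dumps": sorted(d)}
        for (t, p, s, e, r), d in grouped.items()
    ]


def triage(line: str) -> list[dict]:
    """Parse and group in one step; returns one entry per distinct region."""
    return group_by_region(parse_hits(line))


if __name__ == "__main__":
    for region in triage(REPORT_LINE):
        print(f"pid {region['pid']} task {region['task']}: {region['rule']} at "
              f"{region['start']:#x}-{region['end']:#x} ({region['size']:#x} bytes) "
              f"in dumps {region['dumps']}")
```

Run against the report's line this yields a single region for PID 2064, 0x400000-0x5E9000 (0x1E9000 bytes), matched in dumps 0, 1 and 5. All three hits cover the same range, starting at 0x00400000, so they are one packed image observed at successive dumps rather than three separate findings.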
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid Process
2064 11debc4ad6b9d84f30913abbc434f376_JaffaCakes118.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2064 11debc4ad6b9d84f30913abbc434f376_JaffaCakes118.exe
Suspicious use of SendNotifyMessage 1 IoCs
pid Process
2064 11debc4ad6b9d84f30913abbc434f376_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process
2064 11debc4ad6b9d84f30913abbc434f376_JaffaCakes118.exe
Processes
C:\Users\Admin\AppData\Local\Temp\11debc4ad6b9d84f30913abbc434f376_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\11debc4ad6b9d84f30913abbc434f376_JaffaCakes118.exe"
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2064